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(54) Apparatus and method for securing a distributed network 



(57) An apparatus and method for secure data han- 
dling in a distributed network is implemented by a secure 
agent connected by a secure channel to a primary com- 
munication unit, secondary communication unit, and cli- 



ents. The primary communication unit and secondary 
communication units are connected to separate key- 
stores having keys. A method using distributed keys for 
encryption and decryption is disclosed. Another method 
utilizes multiple-time keys. 
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Description 

FIELD OF THE INVENTION 

[0001] The present invention relates to securing net- 
work data and more particularly to secure storage and 
communication of data in a distributed networking envi- 
ronment. 

BACKGROUND OF THE INVENTION 

[0002] Sensitive data is being increasingly stored and 
processed in networked environments. Networks typi- 
cally range from small and private local area networks 
to massively distributed public networks like the internet. 
Wide availability and use of networks has led to an in- 
creased risk of data-piracy. Data pirates try to intrude 
into networks in order to impermissibly access valuable 
data. Such data piracy is an ever-present security threat 
for owners of data that is stored or transmitted over a 
network. Furthermore, cyber-terrorism presents a wider 
challenge for security managers. Cyber-terrorists oper- 
ate across borders using internet or other networks tar- 
geting both networks and data that is stored or transmit- 
ted over the networks. 

[0003] Evolution of large networks has led to the need 
of distributed file systems. A typical distributed file sys- 
tem is designed to facilitate mass database storage and 
retrieval. The main concern for a distributed file system 
is to organize the storage and access of distributed con- 
tent rather than ensuring optimal security for the con- 
tent. Known systems for securing distributed file sys- 
tems generally operate within the realm of relatively sim- 
ple client-server architecture, and not across all types 
of distributed file systems. Thus, there is a need for a 
system and method that provide secure data storage 
and access in any operating environment, and particu- 
larly in a distributed operating environment. 
[0004] Wide varieties of attacks on the network secu- 
rity mechanism are possible in a given distributed envi- 
ronment. Typical examples of such network attacks are 
described next. Digital content is frequently stored in en- 
crypted forms that are encrypted using encryption keys. 
An attacker typically attempts to obtain the secret keys 
used to encrypt the data. Once the attacker has ob- 
tained the secret keys, heorshecanthen easily decrypt 
the encrypted data. 

[0005] Another type of attack involves stealing data 
by intercepting it during the decryption process. A pos- 
sible solution for such an attack would be to use a one- 
time password mechanism. Here, a trusted or secure 
agent in the network uses the current one-time pass- 
word each time it accesses the main information server 
and the proxy server. This method makes only the com- 
munications unique, but not the data that is communi- 
cated. An attacker could break into either the secure 
agent or the main information server to crack the func- 
tion that is used to generate the one-time passwords, 



and need not break both the systems. In addition, there 
is an ever-present possibility of the attacker breaking 
the secure communication channels, andfinding out the 
function used to generate the secure communications. 
s Thus, there is a need foran operating environment, pref- 
erably a distributed operating environment that is secure 
against a wide-variety of attacks. 
[0006] While distributed networks generally face se- 
curity problems, certain specific types of distributed net- 
10 works face acute problems. One such specific type of 
distributed network is the distributed media storage and 
retrieval network. Media like movies, music, images 
etc., are one of the favorite domains of data pirates, and 
hence give rise to a need for a secure distributed envi- 
es ronment useful for storing or retrieving media content. 
Thus, there is a need for a secure distributed network 
environment generally, in particular, there is a need for 
a secure distributed media server as a basic part of the 
network. 

20 

SUMMARY OF THE INVENTION 

[0007] The present invention is an apparatus and 
method for secure data handling in distributed network 
25 environments. The apparatus consists of a secure agent 
that is connected to a primary information communica- 
tion unit and the secondary communication unit. A com- 
munication unit can be configured in multiple ways. The 
communication unit can be any electronic device having 
30 at least a two-way network communication capability for 
receiving, processing and/or transmitting messages in 
a given network. The secure agent is also connected to 
clients. All of the above described components of the 
system are connected with a secure communication 
35 channel that uses state of the art security mechanism. 
The primary and secondary communication units have 
independent key-stores associated with them. 
[0008] The system and the method are designed to 
prevent and resist many types of attacks. First typical 
40 type of attack involves the attacker stealing the secret 
keys. A method of distributed keys is used to resist such 
attacks. Distributing the key information will force the at- 
tacker to steal all the distributed key information, the en- 
cryption function and the key generation function in or- 
45 der to reveal the real data. Another typical attack in- 
volves deceptively interfering with communications. A 
method of k-time keys is used to resist such attacks. 
[0009] An embodiment of the invention operates in a 
media distribution environment and protects the media 
so that is stored and distributed in a networked environ- 
ment. 

[0010] Further areas of applicability of the present in- 
vention will become apparent from the detailed descrip- 
tion provided hereinafter. It should be understood that 
55 the detailed description and specific examples, while in- 
dicating the preferred embodiment of the invention, are 
intended for purposes of illustration only and are not in- 
tended to limit the scope of the invention. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

[0011] The present invention will become more fully 
understood from the detailed description and the ac- 
companying drawings, wherein: 
[0012] Figure 1 shows a representation of a secure 
system 10; 

[001 3] Figure 2 is a flowchart for the encryption proc- 
ess in an embodiment using key distribution; 
[001 4] Figure 3 is a flowchart for the decryption proc- 
ess in an embodiment using key distribution; 
[0015] Figures 4a and 4b are flowcharts for the en- 
cryption process in an embodiment using 'k-time keys'; 
and 

[0016] Figures 5a and 5b are flowcharts for the de- 
cryption process in an embodiment using 'k-time keys'. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0017] The following description of the preferred em- 
bodiments) is merely exemplary in nature and is in no 
way intended to limit the invention, its application, or us- 
es. 

[0018] Network environments are prone to attacks 
that target their security. Attack scenarios discussed 
hereinafter are non-limiting examples of the different 
types of attacks covered by the present invention. For 
example, in a typical type of attack faced by the distrib- 
uted network environments, the attacker attempts to 
steal the secret keys and can then decrypt the encrypted 
data stored on the network using the stolen secret keys. 
The present invention employs a technique that distrib- 
utes secret key information spatially across multiple 
key-sets to eliminate the possibility of an attacker de- 
crypting the data using only a single set of keys. In an- 
othertype of attack, the attacker attempts to deceptively 
interfere with the communications. The present inven- 
tion utilizes 'k-time keys' described hereinafter to resist 
such attacks. 

[0019] Figure 1 shows a representation of a secure 
system 10. A communication unit used in the system 
can be any electronic device having at least two-way 
network communication capability for receiving, 
processing and/or transmitting messages in a given net- 
work. For example, the communication unit can be a 
server in the given network. A primary communication 
unit 12 operates as a principal source of stored informa- 
tion. Smallest unit of data storage on the primary com- 
munication unit 12 is a block, and multiple blocks com- 
prise a storage set which in turn is a subset of the overall 
data set. 

[0020] A secure agent 14 is connected to the primary 
communication unit 12 by a secure channel 16. The se- 
cure channel 16 further connects the secure agent 14 
to a secondary communication unit 1 8. One of the func- 
tions of the secondary communication unit 18 is to op- 
erate as a proxy communication unit. The primary com- 



munication unit 12 is preferably configured as a source 
of the information or content. The secure channel 1 6 al- 
so connects clients 20 to the secure agent 14. 
[0021 ] The secure system 1 0 may include multiple se- 
cure agents 1 4. The secure agent 1 4 can communicate 
with other system 10 elements in a variety of ways, for 
example, by using packet based protocol, streaming 
protocol or a mixed protocol. Those skilled in the art will 
appreciate that the transmission method would be se- 
lected depending upon a particular configuration of the 
system, and the choice of any particular transmission 
mechanism does not limit the invention. The present in- 
vention designates the secure agent 14 as the nodal 
point where most (or all) of the required encryption and 
decryption is done. Therefore, the security concerns for 
the information content are moved away from the pri- 
mary communication unit 12 and the secondary com- 
munication unit 1 8 toward the secure agent 1 4. 
[0022] Secure agent 1 4 is the focal point for security 
concerns and hence should preferably be configured as 
described next. The hard-drive space on the secure 
agent should be minimal and just sufficient to store the 
operating/control program. The encryption/decryption 
process should be done in a volatile random-access 
memory and the data that is being processed need not 
be stored on the hard-drive. The hardware should be 
made tamper resistant. A dedicated integrated circuit, 
for example a VLSI chip, which contains its own secret 
keys and provides dedicated encryption/decryption 
should be used. A secure bootstrap device should be 
used to load the boot-up code. The boot-up code should 
be stored in an encrypted form within the hardware. The 
encrypted boot-up code can be used to authenticate the 
whole system and the operating system. 
[0023] Secure channel 1 6 can be reinforced by a va- 
riety of methods. For example, Secure Sockets Layer 
(SSL) can be used to secure the channel 1 6. Alternately, 
a virtual private network (VPN) based mechanism can 
be used to secure the channel 16. Preferably, a state- 
of-the-art mechanism providing best security features 
should be used to secure the channel 1 6. Different sec- 
tions of the secure channel 16 may be secured by dif- 
ferent protocols or security mechanisms. 
[0024] The primary communication unit 1 2 is connect- 
edtoa K-keys storage 20 forstoring K-keys (notshown). 
The secondary communication unit 1 8 is connected to 
a S-keys storage 22 for storing S-keys (not shown). The 
secondary communication unit 18 is connected to a da- 
ta-store 24. The primary communication unit 12 can ei- 
ther internally incorporate data-stores or be connected 
to external data-stores via a secure channel. The des- 
ignation of sever 12 as 'primary' and communication unit 
1 8 as 'secondary' is for the sake of clarity and for distin- 
guishing both the communication units. Those skilled in 
the art will appreciate that the designation of communi- 
cation units as primary and secondary is non-limiting. 
[0025] Operation of the secure system 1 0 is described 
next. The client 20 makes a request for information to 
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the secure agent 14. The secure system 10 serves the 
client 20's requests by accessing the information stored 
on the secondary communication unit 1 8 through the se- 
cure agent 14. The secondary communication unit 18 
precedes serving of the client 20's request by a process s 
of transferring information from the primary communi- 
cation unit 12 and storing it on the data-store 24. The 
process of transferring involves encryption, which is de- 
scribed below. Alternately, the request for storing the in- 
formation from the primary communication unit 12 can io 
be initiated from the primary communication unit 12 it- 
self. In a typical scenario, the primary communication 
unit 12 will be serving the content from the content pro- 
vider. Primary communication unit 12 will initiate the 
process of storing its selected content on the secondary '5 
communication unit 18. The process of transferring is 
described below. 

[0026] The primary communication unit 12 does not 
directly transfer information to the secondary communi- 
cation unit 1 8. Instead, the primary communication unit 20 
operates via the secure agent 1 4 to transfer information 
to the secondary communication unit 18. The primary 
communication unit 12 opens a secure communication 
session to the secure agent 1 4 using the secure channel 
16. The secure agent 1 4 queries the primary communi- 25 
cation unit 12 for information about the file or data set 
to be transferred. The secure agent 1 4 sends a special 
request to the secondary communication unit 1 8 for stor- 
ing the current storage set in an encrypted form. 
[0027] The secondary communication unit 18 deter- 30 
mines the physical storage locations on the data-store 
24 that will be used to store the current encrypted stor- 
age set. The secondary communication unit 1 8 then de- 
termines a secret key s; for each storage set that con- 
stitutes the overall data set, where s, G {S} a set of S- 35 
keys. The secondary communication unit 1 8 sends each 
key s; and each storage set location information to the 
secure agent 14. 

[0028] The secure agent 14 requests the primary 
communication unit 12 to generate a set of K-keys {K} 40 
having the number of keys equal to the number of keys 
in the set {S} of S-keys. The primary communication unit 
sends the information to be encrypted, i.e. the data-set 
D, and the set of K-keys {K} to the secure agent 14. The 
secure agent 1 4 then proceeds to encrypt the data-set 45 
D using a suitable method. The secure agent 14 sends 
the encrypted data to the secondary communication unit 
18, which stores the incoming encrypted data. Finally, 
the secondary communication unit 18 sends a signed 
certificate to the primary communication unit 1 8 overthe so 
secure channel 1 6 confirming the successful storage of 
the encrypted content. 

[0029] The description of the system 1 0 here is in the 
context of an example showing distribution of keys from 
two key-sets. The present invention covers the method 55 
of distributing two or more number of key-sets across 
multiple locations. Each additional location for distribut- 
ed keys will add a little more security. Distributing keys 



across multiple locations makes the secure agent 1 4 the 
only viable target for attacks. As the security at the se- 
cure agent 14 increases sufficiently, the keys should be 
distributed across multiple locations. Ideally, the degree 
of difficulty of breaking either the secure agent 14 or the 
key distribution should be approximately the same. 
Those, skilled in the art will readily appreciate that the 
present invention covers embodiments using multiple 
keys distributed over multiple locations. 
[0030] An illustrative flowchart for the encryption 
method is described next. Those skilled in the art would 
appreciate that a variety of methods can be used to en- 
crypt the dataset D and the choice of a particular method 
does not limit the present invention in any manner. 
[0031 ] Figure 2 is a flowchart for the encryption proc- 
ess in an embodiment using key distribution. The steps 
26 and 28 show a loop which repeats for values of J 
from 0 to the number of elements in the set {S} i.e., ISI. 
A keyj is computed from the pair of Sj and kj keys at step 
30. Blockj selected at step 32 is encrypted at step 34. 
This encryption process will typically use a block cipher 
to encrypt the blockj using the secret kevj, though other 
encryption methods may also be employed. The encryp- 
tion process may require additional hardware to provide 
required throughput for a given application. An impor- 
tant feature of the present invention is that the keys Sj 
and kj that were used to encrypt the data-block are dis- 
carded at step 36 once the blockj is encrypted. Discard- 
ing keys Sj and kj after the blockj is encrypted enhances 
security. Finally, the encrypted block is transmitted and 
thereafter deleted at step 38. The loop continues further 
iterations, if any, at step 40. 

[0032] Referring back to the Figure 1, secure agent 
14 agent will have no secret keys or data once the en- 
cryption session is complete. Network attacks that aim 
to steal the keys are strongly resisted by using a pair of 
keys that are discarded once the block is encrypted. 
Network security is further enhanced by the fact that en- 
cryption keys and data are never stored at a single lo- 
cation in the network. The key information is distributed 
through the space by storing K-keys on the K-keys stor- 
age 20 associated with the primary communication unit 
12 and the S-keys on the S-keys storage 22 associated 
with the secondary communication unit 18. An attacker 
will be unable to decrypt the encrypted data if he or she 
is able to steal only one type of key. 
[0033] The decryption process occurs when a client 
20 makes a request for decrypted content to the secure 
agent 14, which in turn sends a special decryption re- 
quest to the secondary communication unit 1 8 seeking 
the key-set {S}. The secure agent 14 also sends a re- 
questto the primary communication unit 12 for providing 
the key-set {K}. Once key-sets {K} and {S} are obtained 
from the primary communication unit 12 and the sec- 
ondary communication unit 1 8 respectively, the decryp- 
tion process can be initiated. It is necessary to obtain 
keys {K} and {S} as the key information spread over 
these two key-sets is distributed through space, i.e., 
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kept on physically different communication units. 
[0034] Figure 3 is a flowchart for the decryption proc- 
ess in an embodiment using key distribution. The de- 
cryption process is very similar to the encryption proc- 
ess. The steps 42 and 44 show a loop which repeats for 5 
values of J from 1 to the number of elements in the set 
{S} i.e., I SI . A keyj is computed from the pair of Sj and kj 
keys at step 46. Blockj is received from the secondary 
communication unit 1 8 at step 48 and is then decrypted 
at step 50. An important feature of the present invention 10 
is that the keys Sj and kj that were used to decrypt the 
data-block are discarded at step 52 once the blockj is 
decrypted. Finally, the decrypted block is transmitted to 
the client 20 (as shown in Figure 1) and thereafter de- 
leted at step 54. The loop continues further iterations, if 15 
any, at step 56. The decryption process may require ad- 
ditional hardware to provide required throughput for a 
given application. 

[0035] The client 20 (as shown in Figure 1 ) preferably 
includes an output device like theatre projection sys- 20 
terns, computerconnected output devices, portable pro- 
jection systems, televisions, personal audio-visual sys- 
tems, audio output devices, and video output devices. 
The invention is not limited by the type of output device 
used and covers any suitable output device. Alternately, 25 
the client 20 may further store and process the informa- 
tion received for some non-output function. 
[0036] As shown in Figure 1 , the key sets {S} and {K} 
are transmitted over a secure channel 16. Though the 
secure channel 16 uses a state-of-the-art security 30 
mechanism, there is an ever present possibility, howev- 
er insignificant, of a breach of the secure channel. As- 
suming that the attacker has breached the security 
mechanism for the secure channel 16, the attacker 
would be able to access the key information without hav- 35 
ing to break into any of the communication units or stor- 
age elements in the network. Further, the encryption 
function may be known to the attacker and he or she 
would be able to generate the secret key and decrypt 
the protected data. A variety of methods may be em- 40 
ployed for secure key transmission. One of such possi- 
ble methods is described next. 

[0037] EIGammal key agreement is a variant of Diffie- 
Hellman encryption method and provides a one-pass 
protocol with unilateral key authentication given that the 45 
public key of the recipient is known to originator in ad- 
vance. Let 'n' be the length in bits of each secret key in 
sets {S} and {K}. The main concept in the following de- 
scription is to use the EIGamal method to pass the sets 
{S} and {K} to the secure agent 14. The secondary com- so 
munication unit 1 8 and the primary communication unit 
12 will first obtain the secure agent 14's EIGamal public 
keys and then perform a calculation to produce a value 
O, which is then passed to the secure agent 14. The 
secure agent 1 4 will then perform its own calculation to 55 
recover the secret keys. 

[0038] In the EIGamal method's method described 
below, A' represents either the primary communication 



unit 12 orthe secondary communication unit 18, and 'B' 
denotes the secure agent 1 4. A sends to B a single mes- 
sage allowing one-pass key agreement that results in a 
shared secret K known to both entities A and B. 

EIGamal method : 

[0039] 

1 . One-time setup (key generation and publication). 
B does the following: 

Picks an appropriate prime p and generator a 
ofZ p *. 

Select a random integer b, such that p/4 < b < 
p - 2, and compute a b mod p. 
B publishes its public key (p, a, a b ), keeping 
private key b secret. 

2. Protocol messages: 

A -> B: a x mod p (1) 

3. Protocol Actions: 

(a) A obtains an authenticated copy of B's pub- 
lic key (p. a, a b ) A chooses a random integer x, 
such that p/4 < x < p - 2, and sends B message 
(1) 

A computes the key as U = (a b )* mod p 

(b) B computes the same key on receipt of mes- 
sage (1 ) as U = (a*) b mod p 

[0040] In order to pass the set S, the secondary com- 
munication unit 18 will randomly generate each Sj G S 
as x is generated in step (3a) above. It will randomly 
generate each Sj once and save the result. The second- 
ary communication unit 18 will just send a A (sp mod pto 
the secure agent which will then compute Uj s = (a A (Sj)) fc 
mod p. Likewise for the primary communication unit 12, 
where the result will be Uj k = (ocA(kj)) b mod p. Then the 
trusted agent computes the final secret key, i.e., key, = 
Uj s ® Uj k , where ® is the XOR function. 
[0041] The benefit of the above-described approach 
is that a shared secret between the primary communi- 
cation unit 1 2 or secondary communication unit 1 8 and 
the secure agent 14 is not necessary and that only the 
secret b needs to be safe guarded at the secure agent 
14. 

[0042] The weakness of this system is that the attack- 
ers can sometimes replace a set of public keys with their 
own keys, a typical man-in-the-middie attack. A stand- 
ard method of preventing such attack is to have the pub- 
lic keys stored with an authenticating agent. It is sug- 
gested that the values (xa(Sj) and OA(kj) be sent via a 
secure channel, which means both the secure channel 
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and the public keys need to be successfully attacked . 
This approach at least doubles the required effort and 
expertise necessary for a successful attack and thus 
makes it harder for the attacker to compromise the sys- 
tem security. Finally, since Uj s and Uj k are never used s 
by the primary communication unit 1 2 or the secondary 
communication unit 18, the secure agent 14 can also 
alter each Uj s and Uj k with a secret function f that is only 
known to the trusted agent. Basically, the final secret 
key keyj = f[U*) ® /(Uj k ) which would mean an attacker 10 
would also need to obtain or achieve the function fin 
order to successfully determine the secret key used to 
encrypt the content. 

[0043] Another powerful type of attack on distributed 
networks involves deceptively interfering with the com- '5 
munications. The attacker can access secret keys, en- 
crypted data or both by deceptively interfering with the 
network communications. All such attacks typically in- 
volve the attacker capturing transmission between var- 
ious network elements for making false requests 20 
through communication replay. To prevent such attacks 
it is necessary to make some of the communications and 
the decryption process to be unique for each requested 
use of the content. 

[0044] The present invention employs 'k-time time 25 
keys' to provide high security against attacks involving 
deceptive interference with the communications. A set 

of 'k' secondary keys, i.e., SecKeys = {sk 1 sk k } is 

generated. The 'k' number of secondary keys are used 
to encrypt 'k' selected blocks of content C. The set of 30 

selected blocks B is constructed as B = {b t b k } and 

where B c content C. Blocks of the set B are duplicated 

k times to form the set B dup ={b 11 , b 12 b 1k b^ b 21 

b 2k ..., b k1 b kk }. Secondary key skj from the SecKeys 

set is used to encrypt duplicated blocks b kj . The 35 

secure agent 14 (as shown in Figure 1) will then use the 
encryption process as described next. 
[0045] Figures 4a and 4b are flowcharts for the en- 
cryption process in an embodiment using 'k-tims keys'. 
A loop runs for values of variable J from 0 to ISI (number 40 
of elements in the set {S}) as shown at steps 58 and 60. 
A key is computed at the step 62 as keyj by a key com- 
putation function taking Sj e S and kj e K as arguments. 
A blockj is selected as a subset of the whole data set D 
at step 64 and is typically the size of one stripe. Using 45 
the generated keyj the currently selected blockj is en- 
crypted at step 66. A condition is checked at step 68 if 
for some 'b' it holds that b n blockj * 0 then the condition 
block is executed. Typically, it is true that b = blockj , but 
for efficiency reasons this need not be true always, so 
Therefore, only the subsection of enc_blockj that repre- 
sents the intersection of 'b' and blockj would be encrypt- 
ed with the secondary key skj. In the conditional block, 
the secondary key skj is fetched for block 'b' at step 70. 
New enc_blockj is generated at step 72 by the 55 
k_time_Encryption function that takes the b n blockj , 
skj, and enc_biockj as arguments. The keyj and blockj 
are discarded at step 74. The loop returns at step 76. 



After the loop is terminated the set of secondary keys 
SecKeys is discarded at step 78. 
[0046] The method described may result in increased 
file size, but the file size can be readily minimized by 
carefully selecting the blocks to be duplicated. For ex- 
ample, in MPEG2 scheme one can select blocks that 
define some of the more important decoding constants 
for duplication. 

[0047] Referring back to Figure 1, the decryption 
process for k-time keys is described next. The client 20 
makes a request for information content to the secure 
agent 14. The secure agent 14 makes a request to the 
primary communication unit 12 for the key-set {K}, the 
current key count "j" (where j < k), the secondary key skj, 
and set of data-blocks {B}. The primary communication 
unit 12 sends the requested information to the secure 
agent 14. The secure agent 14 then requests the sec- 
ondary communication unit 18 for the key-set {3} and 
the secondary communication unit 1 8 sends the same. 
The secure agent 14 decrypts the data using the keys 
from key-sets {S}, {K} and the secondary key set skj. 
[0048] Each decryption step uses a secondary key for 
each communication and thus making each communi- 
cation between the secure agent and the primary com- 
munication unit 1 2 unique. It is possible to enhance se- 
curity by distributing the secondary keys though space 
similar to that for S and K keys described above. By de- 
leting the duplicated blocks associated with the second- 
ary key skj the data block is also unique for each encryp- 
tion step. 

[0049] Figures 5a and 5b are flowcharts for the de- 
cryption process in an embodiment using 'k-time keys'. 
A loop runs for values of variable J from 0 to ISI (i.e., 
number of elements in the set {S}) as shown at steps 80 
and 82. A key is computed at the step 84 as keyj by a 
key computation function taking Sj G S and kj G K as 
arguments. An encrypted block (enc_blockj) is received 
from the secondary communication unit, which is typi- 
cally a media server. Using the generated keyj the cur- 
rently selected blockj is decrypted at step 88. 
[0050] A condition is checked at step 90 that if the en- 
crypted block (enc_blockj) has also been encrypted with 
a secondary key, either partially or in its entirety, then 
the condition block is executed. Typically, it is true that 
b = biockj , but for efficiency reasons this need not be 
true always. Therefore, only the subsection of 
enc_blockj that represents the intersection of 'b' and 
blockj would be decrypted with the secondary key skj. 
In the conditional block, the secondary key skj is fetched 
for the block 'b' at step 92. New dec_blockj is generated 
at step 94 by the k_time_Secondary_Decryption func- 
tion that takes the b n blockj , skj , and dec_blockj as 
arguments. The keyj and blockj are discarded at step 
96. At step 98, the decrypted block is sent to its desti- 
nation, and when a confirmation of receipt of decrypted 
block is received from the destination then the 
enc_blockj is deleted. The loop returns at step 100. After 
the loop is terminated the set of secondary keys SecK- 
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eys is discarded at step 102. 

[0051] The security method of the present invention 
using k-time keys provides high level security against 
attacks involving deceptive interference with communi- 
cations. The k-times keys security method of the present 
invention provides low-cost protection against attacks 
involving deceptive interference with communications. 
Further, the k-time scheme allows a content provider to 
track and control the number of times it's content is ac- 
cessed. 

[0052] In a preferred embodiment, the invention is 
employed in a media distribution environment. The dis- 
tributed environment comprises a set of distributed stor- 
age elements and a secure agent 14 as a central co- 
ordination entity. The media distribution environment is 
only shown as an illustration. The media distribution en- 
vironment may have multiple secure agents. The clients 
of the media distribution environment are typically dis- 
allowed free access to the content. All requests from the 
clients must be routed via the secure agent. 
[0053] A typical media distribution environment in- 
volves the content provider that supplies all the non-en- 
crypted media content. The media communication unit 
typically is the secondary communication unit that may 
be placed in a theatre or as a communication unit at a 
video-on-demand intermediate service provider. The cli- 
ents may typically be theatres, televisions or home com- 
puters where the content is ultimately consumed. 
[0054] The description of the invention is merely ex- 
emplary in nature and, thus, variations that do not depart 
from the gist of the invention are intended to be within 
the scope of the invention. Such variations are not to be 
regarded as a departure from the spirit and scope of the 
invention, 



Claims 

1. An apparatus for secure data handling in a network, 
the apparatus comprising: 

a secure agent for combining a plurality of keys 
sourced from at least two key-sets for perform- 
ing a cryptographic operation on the data 
soured from at least two communication units. 

2. The apparatus of claim 1 wherein said cryptograph- 
ic operation is selected from a group consisting of 
a encryption operation and decryption operation. 

3. The apparatus of claim 1 wherein said two commu- 
nication units associated with at least two key- 
stores. 

4. The apparatus of claim 3 wherein said at least two 
key-stores storing at least two key-sets. 

5. The apparatus of claim 3 wherein said two commu- 



nication units are associated with said at least two 
key-stores by a secure communication channel. 

6. The apparatus of claim 1 wherein said secure agent 
s being connected to said at leasttwo communication 

units and at least one client by a secure communi- 
cation channel, said secure agent performing all 
principal encryption and decryption tasks. 

10 7. The apparatus of claim 6 wherein said at least one 
client includes a media output device selected from 
a group consisting of theatre projection systems, 
computer connected output devices, portable pro- 
jection systems, televisions, personal audio-visual 

is systems, audio output devices, and video output 
devices. 

8. The apparatus of claim 1 wherein said secure agent 
discarding said keys after performing said crypto- 

20 graphic operation. 

9. The apparatus of claim 1 wherein said secure agent 
having minimal hardware components. 

25 10. The apparatus of claim 1 wherein said secure agent 
including at least one program module for perform- 
ing the encryption and decryption tasks. 

11. The apparatus of claim 1 wherein said secure agent 
30 having at least one dedicated circuit element for 

performing the encryption and decryption tasks 
having secret keys. 

12. The apparatus of claim 1 wherein said at least two 
35 communication units comprising a first communica- 
tion unit functioning as a main content source and 
at least one second communication unit functioning 
as a proxy communication unit. 

40 13. The apparatus of claim 1 wherein said secure agent 
comprises a plurality of initiation codes stored in an 
encrypted form in at least one hardware compo- 
nent. 



dtwo 
key- 



prin- 



15. A method of encryption for secure data handling im- 
plemented over a network, the method comprising 



45 14. The apparatus of claim 1 further comprising: 

at least two key-stores associated with saic 
communication units, said at least two 
stores storing at least two key-sets; and 

so a secure channel connecting said commui 

tion units with said key-stores, said se 
agent being connected to said communicf 
units and at least one client by said se 
channel, said secure agent performing all 

55 cipal encryption and decryption tasks. 



7 



EP 1 387 522 A2 



5 steps of: 

generating at least one encryption key corre- 
sponding to at least one data-block using a 
combination of at least two keys selected from 
at least two key-sets; and 
encrypting said data-block with said encryption 
key to generate an encrypted data-block. 



sponding to at least one data-block using a 
combination of at least two keys selected from 
at least two key-sets, said data-block being an 
encrypted data-block; and 
decrypting said data-block with said decryption 
key to generate a decrypted data-block. 

24. The method of claim 23 further comprising the step 



16. The method of claim 15 further comprising the step 



transmitting said two key-sets from at least two 
communication units to at least one secure 
agent using a secure channel, each one of said 
key-sets being stored on one distinct said com- 
munication units, said two communication units 
comprising a first communication unit and a 
second communication unit. 



transmitting said least two key-sets from at 
least two communication units to at least one 
secure agent using a secure channel, each one 
of said key-sets being stored on one distinct 
said communication units, said two communi- 
cation units comprising a first communication 
unit and a second communication unit, said 
key-sets being stored on two distinct said com- 
munication units. 



17. The method of claim 16 wherein said at least two 
key-sets being transmitted to said secure agent us- 
ing a public key encryption method. 

18. The method of claim 17 wherein said public key en- 
cryption method is the EIGamal variant of the Diffie- 
Heilman method. 



25. The method of claim 24 further comprising the s 



selecting said one data-block from a data-set 
transferred from a given communication unit 
storing the encrypted content to said secure 
agent using said secure channel. 

19. The method of claim 16 further comprising the step 26. The method of claim 25 further comprising, the step 



selecting said data-block from a data-set trans- 
ferred from said first communication unit to said 
secure agent using said secure channel. 



transmitting said decrypted data-block from 
said secure agent to an output device using 
said secure channel. 



20. The method of claim 1 9 further comprising the step 27. The method of claim 23 further comprising the step 



transmitting said encrypted data-block from 
said secure agent to said second communica- 
tion unit using said secure channel. 

21 . The method of claim 1 5 further comprising the step 



discarding said data-block and the correspond- 
ing said encryption key. 

22. The method of claim 1 5 wherein the wherein the en- 
cryption of said data-block is performed using at 
least one hardware component to enhance the en- 
cryption throughput. 

23. A method of decryption for secure data handling im- 
plemented over a network, the method comprising 
the steps of: 

generating at least one decryption key corre- 



discarding each of said data-block and the cor- 
responding said decryption key. 

28. The method of claim 23 wherein the encryption of 
said data-block is performed using at least one 
hardware components to enhance the decryption 
throughput. 

29. A method of encryption for providing security 
against deceptive interference with communica- 
tions, the method comprising steps of: 

encrypting a data-block with at least one en- 
cryption key to generate an encrypted data- 
block; and 

encrypting a subset of said encrypted data- 
block with at least one secondary key. 

30. The method of claim 29 further comprising the steps 
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computing said encryption key based on a com- 
bination of at least two keys selected from at 
least two key-sets. 

31 . The method of claim 29 wherein said key-sets being 
stored on at least two distinct communication units, 
said at least two key-sets received from said least 
two communication units over a secure channel, 
said two communication units comprising a first 
communication unit and a second communication 
unit. 

32. The method of claim 31 wherein said secondary 
keys are distributed over distinct said communica- 
tion units for increasing security. 

33. The method of claim 31 further comprising the step 
of: 

selecting at least one data-block from a data- 
set transferred from said first communication 
unit to said secure agent using said secure 
channel. 

34. The method of claim 33 furthercomprising the steps 
of: 

determining at least one selected block-set 
comprising a predetermined number of select- 
ed blocks chosen from said data-set, said 
blocks being duplicated for a pre-determined 
number of times; and 

generating a predetermined number of said 
secondary keys, each one of said secondary 
keys corresponding to one of said selected 
blocks. 

35. The method of claim 34 wherein said subset repre- 
senting the non-empty intersection of a given se- 
lected block and said data-block. 



39. A method of decryption for providing security 
against deceptive interference with communica- 
tions, the method comprising steps of: 

5 decrypting a data-block with at least one de- 

cryption key to generate an non-encrypted da- 
ta-block, said data-block being an encrypted 
data-block; and 

encrypting a subset of said data-block with at 
10 least one secondary key. 

40. The method of claim 39 further comprising the steps 
of: 

'5 computing said decryption key based on a com- 

bination of at least two keys selected from at 
least two key-sets. 

41 . The method of claim 39 wherein said key-sets being 
20 stored on at least two distinct communication units, 

said at least two key-sets received from said least 
two communication units over a secure channel, 
said two communication units comprising a first 
communication unit and a second communication 
25 unit. 

42. The method of claim 41 wherein said secondary 
keys are distributed over distinct said communica- 
tion units for increasing security. 

30 

43. The method of claim 41 further comprising the step 
of: 

selecting at least one data-block from a data- 
35 set transferred from said first communication 

unit to said secure agent using said secure 
channel. 

44. The method of claim 43 further comprising the steps 
40 of: 



36. The method of claim 35 further comprising the step 
of: 

optimally choosing said selected blocks for re- 
ducing the size of said encrypted data-block. 

37. The method of claim 34 further comprising the step 
of: 

sending said encrypted data-block to said sec- 
ond communication unit. 

38. The method of claim 29 further comprising the step 
of: 

discarding said data-block and the correspond- 
ing said encryption key. 



determining at least one selected block-set 
comprising a predetermined number of select- 
ed blocks chosen from said data-set, said 
45 blocks being duplicated for a pre-determined 

number of times; and 

generating a predetermined number of said 
secondary keys, each one of said secondary 
keys corresponding to one of said selected 
so blocks. 

45. The method of claim 44 wherein said subset repre- 
senting the non-empty intersection of a given se- 
lected block and said data-block. 

55 

46. The method of claim 44 further comprising the step 
of: 
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sending said encrypted data-block to said sec- 
ond communication unit. 

47. The method of claim 39 further comprising the step 
of: s 

discarding said data-block and the correspond- 
ing said encryption key. 
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